Microsoft Security Essentials Beta

Microsoft Forefront Endpoint Protection 2010 Beta was released recently along with Microsoft Security Essentials Beta.  I plan on working with FEP (that’s what I’m calling it) soon, but until then I wanted to get my hands dirty with MSE on my personal netbook.  I’ll be installing MSE Beta today and showing you how simply and smoothly it goes.

MSE comes in two packages: a 32-bit package and, you guessed it, a 64-bit package.  I’ll be installing the 32-bit package on my netbook, replacing my current and reliable Microsoft Security Essentials.

The first thing you’ll get when starting the installer is the User Account Control box.  Yay for UAC (no screenshot)!

After UAC you’ll get the typical Welcome screen.  What I like here is that you get the option to upgrade rather than uninstall your old product and install a new one.  Simple, but it saves time.  Some beta products require you to uninstall your old products, but not this one.


Of course I reviewed every word of the License Agreement and clicked I accept.


I would recommend joining the Customer Experience Improvement Program.  The more users that join, the more Microsoft will learn about what is really going on out in the wild.  With that information they’ll be able to improve their products and services.


I like how I’m given a choice to use the Windows Firewall or not if I have another product.


Hey look, it’s upgrading.


Toward the end of the install, Security Center barked a few times, but it’s doing its job.  There will be short points in time where no anti-virus is installed, MSE is off, Windows sees that Windows Defender is off with nothing to replace it, and MSE is out of date.  This is all normal, so don’t be alarmed.

DONE!

It took about 2 minutes to upgrade my netbook.  For testing I’m not going to restart just yet.  I was curious to see if MSE was running even though there wasn’t an MSE icon in the systray.  The first thing I checked was the service, and yup, it’s running.


To see if MSE was actually working I downloaded the EICAR test virus, and although I received no prompts from MSE, it did remove the EICAR test virus.  I was going to restart like it wants, but before I had a chance to do that, Windows brought up the Windows Update window, also wanting me to restart.  I’m going to restart this time and continue.
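As an added example (not from the original post), here is a PowerShell script that repeats the two checks described above in one go: it asks the service control manager whether the antimalware service is running, then drops an EICAR test file in %TEMP% and waits for real-time protection to remove it on its own. The service name MsMpSvc and the 30-second timeout are assumptions; adjust them if your build uses different values.

```powershell
# Added example, not part of the original post. Automates the two manual checks:
# (1) is the antimalware service running, (2) does real-time protection remove
# an EICAR test file by itself? Assumes the MSE service name MsMpSvc.

$ServiceName = 'MsMpSvc'                              # assumption: Microsoft Antimalware Service
$TestFile    = Join-Path $env:TEMP 'eicar-check.com'  # where the test file is dropped
$TimeoutSec  = 30                                     # how long to wait for real-time protection

# 1. Service check (the post did this by looking at the service in services.msc).
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if (-not $svc) { Write-Warning "Service '$ServiceName' not found"; return }
"Service '$ServiceName' is $($svc.Status)"

# 2. Real-time protection check. The EICAR string is the harmless, industry-standard
#    antivirus test string (eicar.org); it is split in two so that this script file
#    is not itself quarantined before it gets a chance to run.
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-' + 'ANTIVIRUS-TEST-FILE!$H+H*'

try {
    [System.IO.File]::WriteAllText($TestFile, $eicar, [System.Text.Encoding]::ASCII)
}
catch {
    # Some scanners block the write itself; that is also a pass for real-time protection.
    "Write of the test file was blocked ($($_.Exception.Message)): real-time protection is active"
    return
}

# Poll until the scanner removes the file or the timeout expires.
$deadline = (Get-Date).AddSeconds($TimeoutSec)
do {
    Start-Sleep -Seconds 1
    $removed = -not (Test-Path -LiteralPath $TestFile)
} until ($removed -or (Get-Date) -gt $deadline)

if ($removed) {
    "EICAR test file removed within $TimeoutSec s: real-time protection is working"
}
else {
    Write-Warning "EICAR test file still present after $TimeoutSec s; check that real-time protection is on"
    Remove-Item -LiteralPath $TestFile -Force   # clean up the test file ourselves
}
```

Run it from a normal (non-elevated) prompt, since that is the context in which a user's real-time protection has to catch things; the script reports a pass either when the file is removed or when the write is blocked outright.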


Restarting . . . . . . . . . . . . . . . . .

MSE Beta has the same “tent” icon in the systray.


In my next blog I’ll cover the actual application.  Stay tuned.

.\ Log on to a local computer

Most of the time you log on to a domain that a workstation is joined to.  Sometimes you want to log on locally to the workstation using a local account.  At the log-on screen there’s a link that says:

"How do I log on to another domain?"

The link says:

"To log on to another domain, type domain name\domain user name.

To log on to your computer (not a domain), type ADAM-PC\local user name."

ADAM-PC is used in this example and it’s pretty simple to remember, but most of the time it’s some complex computer name.  I think I have ADD, so I won’t be able to remember a computer name that is too difficult, and I find it a waste of time to write down the computer name on paper just to type it back in.  Here’s an easier way:

.\

Yup you saw it.

If you put that in the username field before your local username, it will log you on to the local workstation.  Notice in the screenshot how it’s logging me on to the local workstation?  Pretty cool, eh?

Remote Desktop options now that Live Mesh is going away

I use Live Mesh on all of my workstations so that I can easily connect to them via its Remote Desktop utility.  It’s really handy when I’m at a client, traveling, or on vacation.  The Live Mesh website says “Live Mesh will soon be replaced by the new Windows Live Sync”.  I researched Windows Live Sync and could not find a replacement for Live Mesh’s Remote Desktop until I saw Sync in Windows Live Sync Beta!  Now I’m happy.  Windows Live Sync Beta is installed and I’m about ready to set it all back up.

Windows 2008 Secure Socket Tunneling Protocol (SSTP) is great

One of the problems that Catapult Consultants has at times is the restriction of outbound traffic while at a client site.  Most clients allow all outbound traffic from their locations, but there are a few clients that only allow certain outbound traffic.  This has caused problems in the past with some applications that use ports other than port 80 and port 443, including VPN.  One of the most used VPN protocols is Point-to-Point Tunneling Protocol (PPTP).  PPTP has been in Microsoft Windows since Windows 95 and continues to be part of Windows even in Windows Server 2008 and Windows 7.  It’s fast, it works, and there is no additional software to install.  The only problem is if you’re somewhere that doesn’t allow it, then Catapult Consultants can’t connect to their office via VPN.

With the introduction of Secure Socket Tunneling Protocol (SSTP) in Windows Server 2008, it was viewed as another way to have Catapult Consultants connect to the Catapult network securely without asking a client to modify their firewall rules.  Since SSTP is so new for the Microsoft operating system, it’s only available in Microsoft Vista SP1+, Microsoft Windows 2008, and Microsoft Windows 7.  SSTP uses port 443 with SSL, and almost every place allows outbound traffic through port 443.  It also uses certificates.  These certificates can be either private corporate ones issued by an internal CA or public certificates.

What’s also great is that when a Catapult Consultant tries to connect to Catapult via VPN, it will try to use PPTP first.  If it can’t connect for some reason it will try L2TP/IPsec next.  If it can’t connect that way then it will try SSTP, and hopefully it will connect, since SSTP is designed to work everywhere.  Looking at the Microsoft TechNet Routing and Remote Access Blog (http://bit.ly/oadxC) it appears PPTP puts less of a load on the processor of the VPN server and VPN client.  I would imagine that’s why it tries PPTP first.

What’s great is that end users don’t have to do a thing differently or change anything!  Everything is set up on the server and in public DNS, so there is nothing to configure on the clients unless they changed the default settings.  Hopefully not.

Now let’s talk about the technical highlights and problems I experienced while implementing SSTP.

If you’ve set up a Microsoft Routing and Remote Access Server using 2 NICs, then you really don’t have to do much more to get SSTP to work.  I found an article on the Internet (http://bit.ly/26jC5) on how to set up SSTP VPN on a server with a single NIC, but I’m not fond of setting up VPN on a server with a single NIC.  I like using two NICs.  The two articles below were very useful for me:

http://bit.ly/ISlVw and http://bit.ly/ac3en

I decided to set up a new server and test it so it wouldn’t disrupt the current VPN users.  My plan was, once it was set up, tested, and working, just to change the public DNS records and the firewall rule.

When implementing SSTP for Catapult I had to change the certificates a few times for a few reasons.  You should have the certificates installed BEFORE you install RRAS so they bind the right way, but if for some reason you have to change the certificates, two articles are very important on how to rebind and what you need to change in the registry.  One problem I experienced was that I would connect via SSTP and then within 1 second my VPN connection would disconnect.  It was bound the right way, but my registry settings didn’t reflect the proper SHA hash.  Once I changed it I was able to stay connected.  It drove me crazy because I didn’t get an error message or anything.

Just remember to review the articles for changes.  Also make sure you restart RRAS for all changes to take effect.  No need to reboot; just restart the service.
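To make that hash mismatch visible instead of guessing at it, here is an added PowerShell check (not from the original post and not Microsoft’s tooling). It reads the certificate HTTP.sys has bound to port 443, looks that certificate up in the machine store, and compares its SHA-1 and SHA-256 hashes with the SHA1CertificateHash and SHA256CertificateHash values the SSTP service reads from HKLM\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters. The IPv4 wildcard binding 0.0.0.0:443 is an assumption; if your server only has an IPv6 binding, change it to [::]:443.

```powershell
# Added example, not part of the original post. Compares the certificate bound
# to port 443 in HTTP.sys with the hashes the SSTP service reads from the registry.
# A mismatch between them is one cause of "connects, then drops after a second".
# Run in an elevated PowerShell on the RRAS server.

$RegPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters'
$IpPort  = '0.0.0.0:443'   # assumption: IPv4 wildcard binding; use '[::]:443' for IPv6

function ConvertTo-Hex([byte[]]$Bytes) {
    # Render a REG_BINARY value or a computed hash as an upper-case hex string.
    if (-not $Bytes) { return '' }
    ($Bytes | ForEach-Object { $_.ToString('X2') }) -join ''
}

# 1. What SSTP expects: REG_BINARY hashes written when the certificate was bound.
$params    = Get-ItemProperty -Path $RegPath
$regSha1   = ConvertTo-Hex $params.SHA1CertificateHash
$regSha256 = ConvertTo-Hex $params.SHA256CertificateHash

# 2. What HTTP.sys actually serves on the port: netsh prints a "Certificate Hash" line.
$boundSha1 = $null
foreach ($line in (netsh http show sslcert "ipport=$IpPort")) {
    if ($line -match 'Certificate Hash\s*:\s*([0-9A-Fa-f]{40})') {
        $boundSha1 = $Matches[1].ToUpper()
        break
    }
}
if (-not $boundSha1) { Write-Warning "No SSL certificate bound to $IpPort"; return }

# 3. Find the bound certificate in the machine store (thumbprint = SHA-1 of the DER bytes)
#    and compute its SHA-256 over the same DER bytes, which is what the registry value holds.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $boundSha1 }
if (-not $cert) { Write-Warning "Bound certificate $boundSha1 is not in LocalMachine\My"; return }
$sha256     = [System.Security.Cryptography.SHA256]::Create()
$certSha256 = ConvertTo-Hex $sha256.ComputeHash($cert.RawData)

# Report both sides; Sha1Match and Sha256Match must both be True for SSTP to stay up.
New-Object PSObject -Property @{
    Subject        = $cert.Subject
    NotAfter       = $cert.NotAfter
    BoundSha1      = $boundSha1
    RegistrySha1   = $regSha1
    Sha1Match      = ($boundSha1 -eq $regSha1)
    CertSha256     = $certSha256
    RegistrySha256 = $regSha256
    Sha256Match    = ($certSha256 -eq $regSha256)
} | Format-List
```

If either match comes back False, the registry values are what needs correcting (or the certificate needs rebinding), and RRAS has to be restarted afterwards for the SSTP service to pick up the change, exactly as the post says. The NotAfter field is there because an expired certificate produces the same silent disconnect.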

One more thing: it appears wildcard certificates work.  We couldn’t find anything on the net about whether they would or not, but it LOOKS like they do.

Event ID 73 and Event ID 101 in Event Viewer when migrating from Rights Management Services (RMS) to Active Directory Rights Management Services (AD RMS)

I was tasked with migrating Rights Management Services (RMS) to Active Directory Rights Management Services (AD RMS) for a client.  The old RMS server was Windows 2003 with RMS installed and in production.  That same server also hosted the RMS database.  The new AD RMS server was of course Windows 2008, and it would host the new database.  The first thing I wanted to do was to move the SQL database from the old server to the new server, test, and let the dust settle.  I followed Microsoft’s TechNet article http://bit.ly/WZaOl with no problems.

I then followed Microsoft’s TechNet article http://bit.ly/YoErt to migrate.  Everything looked fine until users tried to open protected emails and documents.  They would get the error “You do not have credentials that allow you to open this document. You can request updated permission from SAMPLEUSER@DOMAIN.COM. Do you want to request updated permission?”

AD RMS was reading the database but not writing to it for some reason. It turned out some fields in the DRMS_ClusterPolicies table PolicyData column were pointing to the name of the old RMS server. I simply went into the table and replaced the old server name with the new server name.

After that everything started working!
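Rather than hand-editing the table, here is an added PowerShell script (not from the original post or from Microsoft) that does the same fix in a reviewable way: it lists every row of DRMS_ClusterPolicies whose PolicyData still contains the old server name, runs the REPLACE inside a transaction, and only commits when you pass -Commit; without it the change is rolled back so you can read the hits first. The table and column names come from the post; the SQL instance, database and server names are placeholders, and the CAST to nvarchar(max) assumes PolicyData is a character column. Take a backup of the configuration database before running it with -Commit.

```powershell
# Added example, not part of the original post. Finds and rewrites references to the
# old RMS server name in DRMS_ClusterPolicies.PolicyData. Dry run unless -Commit is given.
param(
    [string]$SqlInstance = 'NEWRMS01',                # placeholder: SQL Server hosting the AD RMS databases
    [string]$Database    = 'DRMS_Config_PLACEHOLDER', # placeholder: AD RMS configuration database name
    [string]$OldServer   = 'OLDRMS',                  # placeholder: name of the retired RMS server
    [string]$NewServer   = 'NEWRMS01',                # placeholder: name of the new AD RMS server
    [switch]$Commit                                   # omit for a dry run (transaction is rolled back)
)

$conn = New-Object System.Data.SqlClient.SqlConnection(
    "Server=$SqlInstance;Database=$Database;Integrated Security=True")
$conn.Open()
$tx = $conn.BeginTransaction()
try {
    # 1. Report every row that still references the old server (parameterized; no string concatenation).
    $select = $conn.CreateCommand()
    $select.Transaction = $tx
    $select.CommandText = 'SELECT CAST(PolicyData AS nvarchar(max)) AS PolicyData ' +
                          'FROM DRMS_ClusterPolicies ' +
                          'WHERE CAST(PolicyData AS nvarchar(max)) LIKE @pattern'
    [void]$select.Parameters.AddWithValue('@pattern', "%$OldServer%")
    $reader = $select.ExecuteReader()
    $hits = 0
    while ($reader.Read()) {
        $hits++
        "Old server referenced in: $($reader['PolicyData'])"
    }
    $reader.Close()
    "$hits row(s) in DRMS_ClusterPolicies reference '$OldServer'"

    # 2. Rewrite them. REPLACE is case-insensitive under the default SQL Server collations,
    #    so OLDRMS and oldrms are both caught; assumes PolicyData is a character column.
    $update = $conn.CreateCommand()
    $update.Transaction = $tx
    $update.CommandText = 'UPDATE DRMS_ClusterPolicies ' +
                          'SET PolicyData = REPLACE(CAST(PolicyData AS nvarchar(max)), @old, @new) ' +
                          'WHERE CAST(PolicyData AS nvarchar(max)) LIKE @pattern'
    [void]$update.Parameters.AddWithValue('@old', $OldServer)
    [void]$update.Parameters.AddWithValue('@new', $NewServer)
    [void]$update.Parameters.AddWithValue('@pattern', "%$OldServer%")
    $changed = $update.ExecuteNonQuery()

    if ($Commit) {
        $tx.Commit()
        "Committed: $changed row(s) updated"
    }
    else {
        $tx.Rollback()
        "Dry run: $changed row(s) would be updated (re-run with -Commit to apply)"
    }
}
catch {
    $tx.Rollback()
    throw
}
finally {
    $conn.Close()
}
```

Save it as a .ps1 and run it first without -Commit from an account that has db_owner on the configuration database; the printed PolicyData values show exactly which URLs or names still point at the old server, so you can confirm the replacement is the only change before committing.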

Great Windows 7 feature – Set Different Default Printers for Different Locations

I’ve been using Windows 7 for a few weeks now and I love it, NO, I REALLY MEAN IT WHEN I SAY I LOVE IT!!!

The last time I printed something was at the Catapult Austin office a few days ago.  I set my default printer to the one in my office while I was there.  Today I’m at a client’s site and needed to print something.  When I tried to print a document the default printer automatically changed to a printer at my client’s site.  I researched it and there is a neat new Windows 7 feature.  You can set your default printer based on your location!!!  How cool is that?

http://technet.microsoft.com/en-us/magazine/dd542629.aspx

If you use your system in multiple locations (for example, using your laptop at work and at home) you can set a different default printer for each location. You can default to the networked color laser printer when you’re in the New York office, the scanner/copier/laser printer when you’re in the Seattle office, and your personal printer when at home.

Simply click on the Start Menu and type “printers” in the search field, and choose “Devices and Printers.” Click on one of your printers, and click on the “Manage Default Printers” option in the menu bar. You can then specify which printer should be the default for each network you’ve connected to. And you can select the Microsoft XPS Document Writer for locations where you don’t have access to a printer.

Tip by Jason Leznek, a Group Product Manager at Microsoft.